OpenSSL Heartbleed Bug Not An Issue For BWH Customers


Many of you may be aware of a recent announcement of a vulnerability in the OpenSSL cryptographic library. This is a widespread vulnerability affecting servers globally, and is not specific to The bug, known as “CVE-2014-0160”, allows anyone on the Internet to read the memory of systems protected by vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.

What Is The Heartbleed Bug?

When OpenSSL’s implementation of the TLS/DTLS heartbeat extension (RFC 6520) is successfully exploited, it leaks memory contents, both to and from the server. This attack can expose passwords, emails, usernames and other information that has passed through the server, because the attack itself is able to retrieve the private keys. This allows an attacker to bypass any encryption.

How Do I Know If I Was Affected?

Due to the nature of this exploit, it is impossible to tell. This bug leaves no tell-tale signs in the logs. If you think you may have been affected, it is advisable to

Am I Vulnerable?

If you are using OpenSSL versions 1.0.1 through 1.0 you are vulnerable to this attack. All BWH customers are protected from this vulnerability. Servers were patched upon announcement of the exploit.

You can check if this vulnerability affects you by using this tool.
